[PyQt] sip segfaults while using eric4

Christof Hanke hanke at rzg.mpg.de
Thu Aug 16 18:03:55 BST 2007 

Hi list,

I'm a "eric4"-user which uses sip-4.7.
Unfortunately, my eric4 crashes reproducibly in sip.so (Version-numbers
given below).

Basically it tries to access memory at "0xdbdbdbdb".
Searching the web for "0xdbdbdbdb" and python suggests
that maybe some refcounters are wrong ?

Since I could compile everything with symbol-information, I could find a
"workaround". By applying the "patch" below, it doesn't crash anymore.
The circumstances of the crash are somewhat convoluted, but if it is of
any help I can try to get the crash as small as possible.
After the patch I attached the stacktrace of a gdb-session.


HTH,

Christof



Version Numbers:
----------------

Python 2.5.1
Qt 4.3.0
PyQt4 4.3
sip 4.7
QScintilla 2-snapshot-20070722
eric4 4.1-snapshot-20070813 (r1433)
Platform: linux2
2.5.1 (r251:54863, Aug 7 2007, 09:13:17)
[GCC 4.1.2 20061115 (prerelease) (SUSE Linux)]


Workaround-patch
----------------

--- siplib/objmap.old.c 2007-08-16 08:15:13.000000000 +0300
+++ siplib/objmap.c     2007-08-16 08:05:55.000000000 +0300
@@ -156,7 +156,7 @@

             he->first = NULL;

-            while (w != NULL)
+            while (w != NULL & w != 0xdbdbdbdb)  /* hack!? 0xdbdbdbd
usually means that it's freed mem */
             {
                 /* We are removing it from the map here. */
                 sipSetNotInMap(w);

gdb-stacktrace:
---------------

biber at senf:~> gdb --args /usr/local/bin/python
/usr/local/lib/python2.5/site-packages/eric4/eric4.py
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-suse-linux"...Using host libthread_db
library "/lib/libthread_db.so.1".

(gdb) run
Starting program: /usr/local/bin/python
/usr/local/lib/python2.5/site-packages/eric4/eric4.py
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1210091840 (LWP 4822)]
Qt: gdb: -nograb added to command-line options.
         Use the -dograb option to enforce grabbing.
[New Thread -1246200944 (LWP 4827)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210091840 (LWP 4822)]
0xb79621f2 in sipOMAddObject (om=0xb796580c, val=0x8e92d9c) at objmap.c:162
162                     sipSetNotInMap(w);
(gdb) where
#0  0xb79621f2 in sipOMAddObject (om=0xb796580c, val=0x8e92d9c) at
objmap.c:162
#1  0xb795c9a9 in sipWrapper_init (self=0x8e92d9c, args=0xb7db7034,
kwds=0x0) at siplib.c:6669
#2  0x080ad552 in type_call (type=0x826550c, args=0xb7db7034, kwds=0x0)
at Objects/typeobject.c:436
#3  0x08060171 in PyObject_Call (func=0x826550c, arg=0xb7db7034, kw=0x0)
at Objects/abstract.c:1860
#4  0xb7961e5d in sipWrapSimpleInstance (cppPtr=0x97c8e28,
type=0x826550c, owner=0x0, flags=4) at threads.c:144
#5  0xb795aebd in sip_api_convert_from_new_instance (cpp=0x97c8e28,
type=0x826550c, transferObj=0x0) at siplib.c:5457
#6  0xb75334ed in initQtGui () from
/usr/local/lib/python2.5/site-packages/PyQt4/QtGui.so
#7  0x08146dd2 in PyCFunction_Call (func=0x92cde6c, arg=0xb7db7034,
kw=0x0) at Objects/methodobject.c:73
#8  0x080e90e0 in call_function (pp_stack=0xbfe31aa4, oparg=0) at
Python/ceval.c:3564
#9  0x080e4932 in PyEval_EvalFrameEx (f=0x8f32a8c, throwflag=0) at
Python/ceval.c:2267
#10 0x080e951b in fast_function (func=0x99455d4, pp_stack=0xbfe320a4,
n=2, na=2, nk=0) at Python/ceval.c:3650
#11 0x080e9276 in call_function (pp_stack=0xbfe320a4, oparg=1) at
Python/ceval.c:3585
#12 0x080e4932 in PyEval_EvalFrameEx (f=0x8f2f0cc, throwflag=0) at
Python/ceval.c:2267
#13 0x080e6dcd in PyEval_EvalCodeEx (co=0x8aa2d48, globals=0x8a8af34,
locals=0x0, args=0x8671908, argcount=1, kws=0x867190c, kwcount=0,
    defs=0x8c02a58, defcount=1, closure=0x0) at Python/ceval.c:2831
#14 0x080e9618 in fast_function (func=0x8c170d4, pp_stack=0xbfe32774,
n=1, na=1, nk=0) at Python/ceval.c:3660
#15 0x080e9276 in call_function (pp_stack=0xbfe32774, oparg=0) at
Python/ceval.c:3585
#16 0x080e4932 in PyEval_EvalFrameEx (f=0x867179c, throwflag=0) at
Python/ceval.c:2267
#17 0x080e6dcd in PyEval_EvalCodeEx (co=0x8a9ce68, globals=0x8a8af34,
locals=0x0, args=0x8671728, argcount=2, kws=0x8671730, kwcount=0,
    defs=0x8c028d0, defcount=1, closure=0x0) at Python/ceval.c:2831
#18 0x080e9618 in fast_function (func=0x8c16624, pp_stack=0xbfe32e44,
n=2, na=2, nk=0) at Python/ceval.c:3660
#19 0x080e9276 in call_function (pp_stack=0xbfe32e44, oparg=1) at
Python/ceval.c:3585
#20 0x080e4932 in PyEval_EvalFrameEx (f=0x86715dc, throwflag=0) at
Python/ceval.c:2267
#21 0x080e6dcd in PyEval_EvalCodeEx (co=0x8aa28c8, globals=0x8a8af34,
locals=0x0, args=0x98381d0, argcount=2, kws=0x0, kwcount=0,
    defs=0x0, defcount=0, closure=0x0) at Python/ceval.c:2831
#22 0x08146511 in function_call (func=0x8c16d54, arg=0x98381bc, kw=0x0)
at Objects/funcobject.c:517
#23 0x08060171 in PyObject_Call (func=0x8c16d54, arg=0x98381bc, kw=0x0)
at Objects/abstract.c:1860
#24 0x080695fa in instancemethod_call (func=0x8c16d54, arg=0x98381bc,
kw=0x0) at Objects/classobject.c:2497
#25 0x08060171 in PyObject_Call (func=0x8b0b7b4, arg=0x9149d8c, kw=0x0)
at Objects/abstract.c:1860
#26 0x080e88f0 in PyEval_CallObjectWithKeywords (func=0x8b0b7b4,
arg=0x9149d8c, kw=0x0) at Python/ceval.c:3433
#27 0xb7960687 in sip_api_emit_to_slot (slot=0x97cbfb8,
sigargs=0x9149d8c) at qtlib.c:680
#28 0xb7b7c7db in initQtCore () from
/usr/local/lib/python2.5/site-packages/PyQt4/QtCore.so
#29 0xb7b7d272 in initQtCore () from
/usr/local/lib/python2.5/site-packages/PyQt4/QtCore.so
#30 0xb7b7d525 in initQtCore () from
/usr/local/lib/python2.5/site-packages/PyQt4/QtCore.so
#31 0xb7a842ba in QMetaObject::activate (sender=0x97c7c20,
from_signal_index=29, to_signal_index=29, argv=0xbfe338bc)
    at kernel/qobject.cpp:3066
#32 0xb7a847eb in QMetaObject::activate (sender=0x97c7c20, m=0xb704cd38,
local_signal_index=2, argv=0xbfe338bc) at kernel/qobject.cpp:3125
#33 0xb6c86908 in QMenu::triggered (this=0x97c7c20, _t1=0x98a8010) at
.moc/debug-shared/moc_qmenu.cpp:155
#34 0xb6c8a32c in QMenuPrivate::_q_actionTriggered (this=0x97c7f30) at
widgets/qmenu.cpp:954
#35 0xb6c8e5d7 in QMenu::qt_metacall (this=0x97c7c20,
_c=QMetaObject::InvokeMetaMethod, _id=8, _a=0xbfe33e6c)
    at .moc/debug-shared/moc_qmenu.cpp:97
#36 0xb736e005 in initQtGui () from
/usr/local/lib/python2.5/site-packages/PyQt4/QtGui.so
#37 0xb7a842ba in QMetaObject::activate (sender=0x98a8010,
from_signal_index=5, to_signal_index=6, argv=0xbfe33e6c)
---Type <return> to continue, or q <return> to quit---
    at kernel/qobject.cpp:3066
#38 0xb7a84552 in QMetaObject::activate (sender=0x98a8010, m=0xb7047800,
from_local_signal_index=1, to_local_signal_index=2,
    argv=0xbfe33e6c) at kernel/qobject.cpp:3145
#39 0xb682b490 in QAction::triggered (this=0x98a8010, _t1=false) at
.moc/debug-shared/moc_qaction.cpp:208
#40 0xb682d6ba in QAction::activate (this=0x98a8010,
event=QAction::Trigger) at kernel/qaction.cpp:1087
#41 0xb6c8ff60 in QMenuPrivate::activateAction (this=0x97c7f30,
action=0x98a8010, action_e=QAction::Trigger, self=true)
    at widgets/qmenu.cpp:897
#42 0xb6c92b98 in QMenu::mouseReleaseEvent (this=0x97c7c20,
e=0xbfe34698) at widgets/qmenu.cpp:1974
#43 0xb736de14 in initQtGui () from
/usr/local/lib/python2.5/site-packages/PyQt4/QtGui.so
#44 0xb6890a09 in QWidget::event (this=0x97c7c20, event=0xbfe34698) at
kernel/qwidget.cpp:6031
#45 0xb6c8de92 in QMenu::event (this=0x97c7c20, e=0xbfe34698) at
widgets/qmenu.cpp:2063
#46 0xb7368d4c in initQtGui () from
/usr/local/lib/python2.5/site-packages/PyQt4/QtGui.so
#47 0xb68344dd in QApplicationPrivate::notify_helper (this=0x83e2080,
receiver=0x97c7c20, e=0xbfe34698) at kernel/qapplication.cpp:3538
#48 0xb68350e5 in QApplication::notify (this=0x83e1fd0,
receiver=0x97c7c20, e=0xbfe34698) at kernel/qapplication.cpp:3237
#49 0xb752b103 in initQtGui () from
/usr/local/lib/python2.5/site-packages/PyQt4/QtGui.so
#50 0xb7a70a10 in QCoreApplication::notifyInternal (this=0x83e1fd0,
receiver=0x97c7c20, event=0xbfe34698)
    at kernel/qcoreapplication.cpp:509
#51 0xb68412d7 in QCoreApplication::sendSpontaneousEvent
(receiver=0x97c7c20, event=0xbfe34698)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:189
#52 0xb68af02c in QETWidget::translateMouseEvent (this=0x97c7c20,
event=0xbfe34b9c) at kernel/qapplication_x11.cpp:3746
#53 0xb68acfb7 in QApplication::x11ProcessEvent (this=0x83e1fd0,
event=0xbfe34b9c) at kernel/qapplication_x11.cpp:2902
#54 0xb68dbe5e in QEventDispatcherX11::processEvents (this=0x83cf860,
flags=@0xbfe34c4c) at kernel/qeventdispatcher_x11.cpp:112
#55 0xb7a6d3b6 in QEventLoop::processEvents (this=0xbfe34cdc,
flags=@0xbfe34c90) at kernel/qeventloop.cpp:126
#56 0xb7a6d539 in QEventLoop::exec (this=0xbfe34cdc, flags=@0xbfe34ce4)
at kernel/qeventloop.cpp:172
#57 0xb7a71278 in QCoreApplication::exec () at
kernel/qcoreapplication.cpp:729
#58 0xb6834060 in QApplication::exec () at kernel/qapplication.cpp:3035
#59 0xb752befd in initQtGui () from
/usr/local/lib/python2.5/site-packages/PyQt4/QtGui.so
#60 0x08146dd2 in PyCFunction_Call (func=0x92cf5e4, arg=0xb7db7034,
kw=0x0) at Objects/methodobject.c:73
#61 0x080e90e0 in call_function (pp_stack=0xbfe35274, oparg=0) at
Python/ceval.c:3564
#62 0x080e4932 in PyEval_EvalFrameEx (f=0x83c9a6c, throwflag=0) at
Python/ceval.c:2267
#63 0x080e951b in fast_function (func=0x839ac64, pp_stack=0xbfe35874,
n=0, na=0, nk=0) at Python/ceval.c:3650
#64 0x080e9276 in call_function (pp_stack=0xbfe35874, oparg=0) at
Python/ceval.c:3585
#65 0x080e4932 in PyEval_EvalFrameEx (f=0x81bdaac, throwflag=0) at
Python/ceval.c:2267
#66 0x080e6dcd in PyEval_EvalCodeEx (co=0xb7da0bc8, globals=0xb7dde214,
locals=0xb7dde214, args=0x0, argcount=0, kws=0x0, kwcount=0,
    defs=0x0, defcount=0, closure=0x0) at Python/ceval.c:2831
#67 0x080dc54a in PyEval_EvalCode (co=0xb7da0bc8, globals=0xb7dde214,
locals=0xb7dde214) at Python/ceval.c:494
#68 0x08110d8b in run_mod (mod=0x8211f78, filename=0xbfe370eb
"/usr/local/lib/python2.5/site-packages/eric4/eric4.py",
    globals=0xb7dde214, locals=0xb7dde214, flags=0xbfe35be4,
arena=0x81c03c8) at Python/pythonrun.c:1271
#69 0x08110d21 in PyRun_FileExFlags (fp=0x81b0008, filename=0xbfe370eb
"/usr/local/lib/python2.5/site-packages/eric4/eric4.py",
    start=257, globals=0xb7dde214, locals=0xb7dde214, closeit=1,
flags=0xbfe35be4) at Python/pythonrun.c:1257
#70 0x0810f867 in PyRun_SimpleFileExFlags (fp=0x81b0008,
filename=0xbfe370eb "/usr/local/lib/python2.5/site-packages/eric4/eric4.py",
    closeit=1, flags=0xbfe35be4) at Python/pythonrun.c:877
#71 0x0810ef34 in PyRun_AnyFileExFlags (fp=0x81b0008,
filename=0xbfe370eb "/usr/local/lib/python2.5/site-packages/eric4/eric4.py",
---Type <return> to continue, or q <return> to quit---
    closeit=1, flags=0xbfe35be4) at Python/pythonrun.c:696
#72 0x080578d0 in Py_Main (argc=2, argv=0xbfe35cf4) at Modules/main.c:523
#73 0x08056876 in main (argc=Cannot access memory at address 0x1


Other gdb-info :
-----------------
(gdb) list
157                 he->first = NULL;
158
159                 while (w != NULL)
160                 {
161                     /* We are removing it from the map here. */
162                     sipSetNotInMap(w);
163                     sip_api_common_dtor(w);
164
165                     w = w->next;
166                 }
(gdb) print w
$1 = (sipWrapper *) 0xdbdbdbdb
(gdb) print *w
Cannot access memory at address 0xdbdbdbdb
(gdb)

More information about the PyQt mailing list